Fresh DDoS Attacks Batter US Banks

Major US banks are once again hit by DDoS attacks, with speculation increasing about their origins

Major banks in the United States were once again targeted by alleged hacktivists with denial-of-service (DDoS) attacks last week.

The attack apparently caused some disruption at a handful of financial institutions.

State Funded?

While the group behind the attacks continue to pose as hacktivists, the longevity of the campaign – now entering its sixth month – has some security experts arguing that the attacks are a well-funded operation.

On 5 March, al Qassam Cyber Fighters (QCF) launched their latest attacks against banks, posting a message on Pastebin stating that nine banks would be targeted by denial-of-service attacks during the week. Unlike previous network floods, the current attacks have simultaneously inundated a handful of banks with a deluge of traffic consuming bandwidths from 10Gbits up to 40Gbits, said Carlos Morales, vice president of global sales engineering and operations for network-protection firm Arbor Networks.

“They clearly have gotten more sophisticated over time,” Morales said. “They are doing their homework. A lot of the banks have reported that they seeing probing and smaller attacks before the larger attacks, so the attackers are taking into account what the banks are serving up and customising the attacks to take advantage of the banks’ defences.”

The QCF attacks started in September 2012, targeting banks allegedly in retaliation for the posting of a video to YouTube that offended many Muslims. US officials believe that Iran is carrying out or funding the attacks, according to a January report in The New York Times. The servers used in the attacks have also been used for criminal purposes, suggesting that the attackers are using criminal activities to fund the attacks or hiring time on criminal botnets to boost their capabilities.

The current attacks have targeted Bank of America, BB&T, CapitalOne, Citibank, Fifth Third Bancorp, JPMorgan Chase, PNC, UnionBank, and U.S. Bank, according to the QCF post.

“This whole thing strikes me as a huge amount of saber rattling,” he said. “This is not about taking down the financials. If that was the case, they would not announce it.”

Expensive Problem

Defending against distributed denial-of-service (DDoS) attacks is not cheap. In a report released on 12 March, managed-security firm Solutionary estimated that organisations spend as much as $6,500 (4,348 pounds) an hour to recover from DDoS attacks – a number which does not include any lost revenue due to downtime.

The incidents do not seem like the work of hacktivists, who, in the past, attacked a company or site only long enough to gain attention and then moved on. The focus of the QCF group on repeatedly hitting the same targets for many months suggests other motivations, said Morales.

In its “State of the Internet” report for the third quarter of 2012, Internet security and content-delivery platform Akamai came to the same conclusion.

“While the attackers claimed to be hacktivists protesting a movie, the attack traffic seen by Akamai is inconsistent with this claim,” the company stated in the report. “The amount of attack traffic that was seen during these attacks was roughly 60 times larger than the greatest amount of traffic that Akamai had previously seen from other activist-related attacks. Additionally, this attack traffic was much more homogenous than we had experienced before, having a uniformity that was inconsistent with previous hacktivist attacks.”